tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

sanitizer-inert-document.tentative.html (2711B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4 <title>Test whether fragment created for sanitization is inert.</title>
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 </head>
      8 <body>
      9 <div id="test"></div>
     10 <script>
     11 promise_test(t => {
     12  return new Promise((resolve, fail) => {
     13    globalThis.failsafe = fail;
     14    globalThis.resolvesafe = resolve;
     15 
     16    const div = document.createElement("div");
     17    document.getElementById("test").appendChild(div);
     18    div.setHTML(`<img src="data:image/png," onerror="globalThis.failsafe('shouldnt load')">`);
     19 
     20    const div2 = document.createElement("div");
     21    document.getElementById("test").appendChild(div2);
     22    div2.innerHTML = `<img src="data:image/png," onerror="globalThis.resolvesafe('shoud load')">`;
     23  });
     24 }, "Test whether setHTML executes the fail handler.");
     25 
     26 promise_test(t => {
     27  return new Promise((resolve, fail) => {
     28    globalThis.failunsafe = fail;
     29    globalThis.resolveunsafe = resolve;
     30 
     31    const div = document.createElement("div");
     32    document.getElementById("test").appendChild(div);
     33    div.setHTMLUnsafe(
     34      `<img src="data:image/png," onerror="globalThis.failunsafe()">`,
     35      {sanitizer: {removeElements: ["img"]}});
     36 
     37    const div2 = document.createElement("div");
     38    document.getElementById("test").appendChild(div2);
     39    div2.innerHTML = `<img src="data:image/png," onerror="globalThis.resolveunsafe()">`;
     40  });
     41 }, "Test whether setHTMLUnsafe executes the fail handler.");
     42 
     43 const url = "/fetch/metadata/resources/record-header.py?file=image";
     44 const options = {sanitizer: {removeElements: ["img"]}};
     45 
     46 promise_test(t => {
     47  return new Promise((resolve, fail) => {
     48    const div = document.createElement("div");
     49    document.getElementById("test").appendChild(div);
     50    div.setHTML(`<img src="${url}">`, options);
     51    fetch(url + "&retrieve=true")
     52      .then(response => response.text())
     53      .then(text => {
     54        if (text.includes("No header has been recorded"))
     55          resolve()
     56        else
     57          fail("The server observed a request. It shouldn't have.");
     58      });
     59  });
     60 }, "Test whether setHTML loads the image.");
     61 
     62 promise_test(t => {
     63  return new Promise((resolve, fail) => {
     64    const div = document.createElement("div");
     65    document.getElementById("test").appendChild(div);
     66    div.setHTMLUnsafe(`<img src="${url}">`, options);
     67    fetch(url + "&retrieve=true")
     68      .then(response => response.text())
     69      .then(text => {
     70        if (text.includes("No header has been recorded"))
     71          resolve()
     72        else
     73          fail("The server observed a request. It shouldn't have.");
     74      });
     75  });
     76 }, "Test whether setHTMLUnsafe loads the image.");
     77 </script>
     78 </body>
     79 </html>